- 6
- Kongjak
- 조회 수 446
저번에 서버 털릴뻔했다는 글을 올렸습니다.
그 후 fail2ban적용으로 SSH공격은 하루에 3~5회 정도로 줄었습니다.
근데 이제는 FTP를 공격하네요.
물론, 안뚫리고 있습니다.
Sun Jan 21 13:41:14 2018 [pid 12187] CONNECT: Client "::ffff:184.105.247.252" Sun Jan 21 13:55:14 2018 [pid 12203] CONNECT: Client "::ffff:196.52.43.53" Sun Jan 21 20:41:37 2018 [pid 13764] CONNECT: Client "::ffff:164.132.91.13" Sun Jan 21 20:41:40 2018 [pid 13763] [anonymous] FAIL LOGIN: Client "::ffff:164.132.91.13" Sun Jan 21 22:16:20 2018 [pid 14195] CONNECT: Client "::ffff:1.237.140.144" Sun Jan 21 22:22:03 2018 [pid 14479] CONNECT: Client "::ffff:1.237.140.144" Mon Jan 22 01:10:33 2018 [pid 15413] CONNECT: Client "::ffff:125.212.217.215" Mon Jan 22 01:10:36 2018 [pid 15412] [anonymous] FAIL LOGIN: Client "::ffff:125.212.217.215" Mon Jan 22 03:30:02 2018 [pid 15771] CONNECT: Client "::ffff:104.236.168.94" Mon Jan 22 04:43:25 2018 [pid 15991] CONNECT: Client "::ffff:46.161.9.57" Mon Jan 22 05:41:32 2018 [pid 16155] CONNECT: Client "::ffff:125.212.217.214" Mon Jan 22 05:41:35 2018 [pid 16154] [anonymous] FAIL LOGIN: Client "::ffff:125.212.217.214" Mon Jan 22 06:54:01 2018 [pid 16502] CONNECT: Client "::ffff:52.87.199.132" Mon Jan 22 06:54:03 2018 [pid 16501] [anonymous] FAIL LOGIN: Client "::ffff:52.87.199.132" Mon Jan 22 13:30:51 2018 [pid 18026] CONNECT: Client "::ffff:74.82.47.4" Mon Jan 22 18:48:27 2018 [pid 20654] CONNECT: Client "::ffff:141.212.122.128" Tue Jan 23 03:01:52 2018 [pid 22303] CONNECT: Client "::ffff:93.84.140.77" Tue Jan 23 03:01:55 2018 [pid 22302] [admin] FAIL LOGIN: Client "::ffff:93.84.140.77" Tue Jan 23 09:14:53 2018 [pid 23521] CONNECT: Client "::ffff:195.206.42.153" Tue Jan 23 09:14:56 2018 [pid 23520] [anonymous] FAIL LOGIN: Client "::ffff:195.206.42.153" Tue Jan 23 13:36:28 2018 [pid 24567] CONNECT: Client "::ffff:107.170.235.78" Tue Jan 23 13:48:09 2018 [pid 24629] CONNECT: Client "::ffff:216.218.206.68" Wed Jan 24 01:48:27 2018 [pid 26992] CONNECT: Client "::ffff:93.79.141.48" Wed Jan 24 01:48:30 2018 [pid 26991] [www-data] FAIL LOGIN: Client "::ffff:93.79.141.48" Wed Jan 24 14:02:23 2018 [pid 29228] CONNECT: Client "::ffff:74.82.47.4" Wed Jan 24 17:02:24 2018 [pid 29877] CONNECT: Client "::ffff:37.150.2.70" Wed Jan 24 17:02:27 2018 [pid 29876] [anonymous] FAIL LOGIN: Client "::ffff:37.150.2.70" Wed Jan 24 18:49:23 2018 [pid 30192] CONNECT: Client "::ffff:107.170.228.217" Wed Jan 24 22:36:18 2018 [pid 30855] CONNECT: Client "::ffff:196.52.43.131" Thu Jan 25 05:38:00 2018 [pid 32053] CONNECT: Client "::ffff:163.47.162.89" Thu Jan 25 05:38:04 2018 [pid 32052] [admin] FAIL LOGIN: Client "::ffff:163.47.162.89" Thu Jan 25 06:07:19 2018 [pid 32131] CONNECT: Client "::ffff:172.105.218.213" Thu Jan 25 10:41:21 2018 [pid 735] CONNECT: Client "::ffff:175.143.124.5" Thu Jan 25 10:41:24 2018 [pid 734] [admin] FAIL LOGIN: Client "::ffff:175.143.124.5" Thu Jan 25 13:53:59 2018 [pid 1314] CONNECT: Client "::ffff:74.82.47.4" Thu Jan 25 16:42:08 2018 [pid 1786] CONNECT: Client "::ffff:185.97.113.45" Thu Jan 25 16:42:11 2018 [pid 1785] [ftp] FAIL LOGIN: Client "::ffff:185.97.113.45" 보시면 anonymous, ftp, admin등으로 시도하네요.
@마스터 마스터님도 조심하세요.
+ 저번에 계속 pi계정으로 시도해서 pi계정을 그냥 날려버렸습니다.
그것도 모르고 pi계정으로 접속하려하네요 ㅎㅎ
작성자
댓글 6
2018.01.26. 00:51
으어어어... 이런 로그 어디서 보나욬ㅋㅋㅋㅋ 서버 초보라 힠...
2018.01.26. 06:27
vsftpd 로그는 /var/log/vsftpd.log에 있습니다.
2018.01.26. 12:35
옹옹.. 그렇군요. 참고하겠슴돠..!!
2018.01.26. 12:43
@마스터 @맛스타 스포어에 이기능은 없나요? 허허..
2018.01.26. 22:54
저희는 FTP 공격이 따로 들어오지는 않습니다.
2018.01.26. 23:24
권한이 없습니다.
조심할게 아니라 많이 들어와요.
이미 다 막히고 있어서 별로 신경은 안쓰고 있습니다.